Crypt::NaCl::Sodium Integer Overflow Vulnerability on 32-Bit Systems
Vulnerability
A vulnerability exists in Crypt::NaCl::Sodium versions through 2.001 for Perl, specifically on 32-bit systems. The issue arises from an integer overflow when the library's functions interface with libsodium, due to a size mismatch between data types. This flaw can potentially be exploited to manipulate data or cause unexpected behavior in the application.
Impact
Exploitation of this vulnerability can lead to a size_t overflow, where an integer value exceeds its maximum limit and wraps around, potentially causing incorrect memory allocation or buffer overflows.
Reproduction
The vulnerability can be reproduced by using Crypt::NaCl::Sodium version 2.001 or earlier on a 32-bit system. When the library is used to encrypt or decrypt data with libsodium functions, the integer overflow occurs. This can be verified by observing the library's behavior when handling large data lengths, which should trigger the overflow condition.
Remediation
Users can upgrade to Crypt::NaCl::Sodium version 2.001 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.